MA: Blackbox evaluation of randomness in TLS

Abstract:

While randomness plays an important role in Transport Layer Security (TLS) handshakes, current research often only focuses on specific implementations to uncover potential flaws related to Random Number Generators (RNG). This thesis focuses on the TLS handshake components displaying raw randomness and examines them from a blackbox perspective.

We determined that ServerHello randoms, session IDs and the initialization vectors (IVs) of CBC-mode encryption algorithms provide raw RNG output fit for analysis. Approximately 10,000 hosts were scanned, composed of popular hosts taken from the Alexa top list and randomly picked ones. These hosts were then evaluated by applying statistical tests to the various components exposing randomness. We found that an overwhelming number of hosts displayed no issues with the quality of their ServerHello randoms and IVs, with session IDs being the most predictable components, often failing at least one test. However, ten hosts were found that displayed serious flaws in their generated ServerHello randoms and IVs, manifested by duplicates and fixed values.

In addition to the blackbox evaluation, the unfinished Extended Random TLS extension was examined in this thesis. While this extension never left the draft stage, 444 hosts in the IPv4 space were found that still support Extended Random. Those hosts consisted exclusively of Canon printers displaying identical behavior. Although the inclusion of Extended Random support is likely to be an unintended feature of the employed BSAFE RSA Micro Edition Suite, no measurable impact on the quality of the exposed randomness was found when negotiating Extended Random.
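
The per-host check on collected ServerHello randoms, session IDs or IVs described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the abstract does not name the statistical tests used, so the NIST SP 800-22 monobit test stands in as an assumption, and the function names and sample values are constructed for illustration.

```python
import hashlib
import math

def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test from NIST SP 800-22: p-value for the 0/1 balance."""
    n = len(data) * 8
    if n == 0:
        raise ValueError("no data to test")
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))

def evaluate_samples(samples, skip=4, alpha=0.01):
    """Flag fixed values, duplicates and bit bias in one host's collected values.

    skip=4 drops the gmt_unix_time prefix that RFC 5246 places at the start of a
    TLS 1.2 ServerHello random; use skip=0 for session IDs or CBC IVs.
    """
    bodies = [s[skip:] for s in samples]
    distinct = len(set(bodies))
    findings = []
    if len(bodies) > 1 and distinct == 1:
        findings.append("fixed-value")
    elif distinct < len(bodies):
        findings.append("duplicates")
    p = monobit_p_value(b"".join(bodies))
    if p < alpha:
        findings.append("monobit-fail")
    return {"samples": len(bodies), "distinct": distinct,
            "monobit_p": p, "findings": findings}

def constructed_hosts(n=20):
    """Constructed sample data (not measurements from the thesis)."""
    def stamp(i):
        return (1700000000 + i).to_bytes(4, "big")  # varying timestamp prefix
    varied = [stamp(i) + hashlib.sha256(b"sample-%d" % i).digest()[:28]
              for i in range(n)]
    fixed = [stamp(i) + bytes(range(28)) for i in range(n)]
    # The last sample reuses the random body of the first one.
    repeated = varied[:-1] + [stamp(n) + varied[0][4:]]
    return {"varied": varied, "fixed": fixed, "repeated": repeated}

if __name__ == "__main__":
    for name, samples in constructed_hosts().items():
        print(name, evaluate_samples(samples))
```

Without the `skip` offset, a host that repeats the same 28 random bytes behind a changing timestamp would look like it produces distinct values on every handshake.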